The U.S. government’s standards clearinghouse for science and technology says that an encryption standard it established in 2001 has had an economic impact of a quarter of a trillion dollars over the years, according to a report released Wednesday.
The National Institute of Standards and Technology set out in 1997 to find a new encryption algorithm for use in the federal agencies to replace the Data Encryption Standard (DES), the government’s prevailing yet aging standard at the time. The result was the Advanced Encryption Standard (AES), an algorithm born of collaboration from the greater cryptography community.
According to the report, commissioned by NIST and prepared by RM Advisory Services, AES has added more than $250 billion in value to the economy since it became available.
AES is part of the Federal Information Processing Standards, which agencies across the government use to guide their information security and interoperability. The encryption standard is unclassified and is available royalty-free, so it’s utilized by private sector organizations in addition to the government.
The assessment, the report says, is based on the following question: “‘What would it have cost industry, acting without NIST support, to develop and adopt a strong successor to the operative encryption standard (DES, FIPS-46) in the mid-1990s as DES was coming to the end of its useful life as a secure symmetric block cipher?’”
The figure is drawn from a survey of consumers in the public and private sector who use encryption systems, as well as private integrators that produce encryption products.
“This outstanding return on investment exemplifies the economic value of federal research and development, for the private sector and for the broader American economy,” said NIST Director Walter Copan, in a statement. “It also demonstrates how bringing together the private and public sectors effectively to address a challenge can result in positive impacts on U.S. commerce.”
NIST is also known for its Framework for Improving Critical Infrastructure Cybersecurity, which is used by government agencies and the private sector to guide security and risk management practices. The agency released Version 1.1 of the framework in April.